Folks, I'm COMPLETELY new to CVS, and am assisting the CVS
administrator configure the tool on a Linux server. I've got a cursory
understanding of the CVSROOT directory structure; my question is one of
permissions. I realize that this has probably been addressed in the past,
but reading through the archives, I've not found, or not understood the
resolution here. My understanding is that I ought to set up an account for a
${CVSADMIN} user, and create a ${CVS} group. In the ${CVSROOT}/CVSROOT
directory, all files should be owned by ${CVSADMIN}, and have very restricted
permissions. My question comes from the remainder of the tree. If
I've got users User1, User2, and User3, all using this repository, I want to make
sure that none of these users either accidentally or maliciously destroy or
damage the entire CVS tree. My understanding is that User1, User2, and
User3 must all belong to the ${CVS} group in order for things to work properly.
If the permission scheme for the ${CVSROOT} directories looks as follows:
config-files (${CVSADMIN}:750) (640)
/
----file2
(User2:700)
/
/
CVSROOT
(${CVSADMIN}:700)
bin (${CVSADMIN}:770) ----- file1 (User1:700)
/
/
/
/ ${CVSROOT} (${CVSADMIN}:755) ----- ProjectDir1 (${CVSADMIN}:
770)
\
\
ProjectDir2 (${CVSADMIN}: 770) there doesn't seem to be anything that prevents User1 from
going into the ProjectDir1/bin directory and removing file2 (which is owned by
User2). The directory permissions don't allow User1 to MOFIDY file2, but
they do allow him to REMOVE file2, if he uses the force option on the rm
command. Alternatively, if I set file permissions for the directories to
be 700 rather than 770, then neither User1 nor User2 can work with CVS. I've kludged a solution, which is to set the setuid flag on
the cvs executable, but I've seen a number of posts that indicate that isn't a
wise move, and I've now got some problems with the update and status command
from remote machines, saying that the directories don't exist (interestingly
enough, I can check in and update files, but I can't do the same with
directories). The exact error is:
cvs server: ignoring ${PROJECTDIR1} (CVS/Repository missing) where ${PROJECTDIR1} is the name of the directory that I'm
trying to update. Given the background presented here:
Any or all recommendations/solutions would be appreciated.
Thanks. Dan Michaelis Database Administrator/Developer eOriginal 410.625.5187 (phone) 410.659.9799 (fax) |
_______________________________________________ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs